JPEG exploit could beat antivirus software

By Dan Ilett, ZDNet
Thursday, September 30, 2004 11:41 AM

Antivirus software could be ill-prepared to protect corporate networks from the latest Windows vulnerability--innocent-looking JPEG files that contain security attacks.

According to Mikko Hypponen, director of antivirus research for F-Secure, antivirus software will strain to find JPEG malware, because by default, it only searches for .exe files.

"Normal antivirus software, by default, will not detect JPEGs," Hypponen said. "You can set your antivirus scanner to look for JPEG, but the trouble is that you can change the file extension on a JPEG to so many things."

There are about 11 file name extensions to which JPEGs can be changed, including .icon or .jpg2. Hypponen said this would make finding malicious JPEGs even more difficult; searching could take up a significant amount of valuable processor power.

Internet Explorer processes JPEGs before it caches them. That could also mean that desktops may become infected before antivirus software has a chance to work.

"This means that it is not enough to scan at the desktop," Hypponen said. "You have to scan at the gateway, but this will put a huge load on your bandwidth."

Hypponen said he expected a virus attack using the exploit to occur soon: "There has been so much interest in this vulnerability that someone is bound to do this. But saying that, there was a similar vulnerability found two months ago in bitmaps, and no one has exploited that yet."

Word of code that exploits the way Microsoft Windows processes JPEGs was posted in recent days to the Internet newsgroup EasyNews. Hypponen wrote on the F-Secure Web log that the exploit was not a virus because it had no way of spreading. In order for the code to infect a machine, a user must download the image it purports to be and view it in Windows Explorer.

On Tuesday, Microsoft hit back at critics over its handling of the vulnerability.

"Microsoft does not consider this a high risk to customers, given the amount of user action required to execute the attack, and is not currently aware of any significant customer impact," the company said in a statement. "We will continue to investigate the situation and provide customers with additional resources and guidance, as necessary."

Dan Ilett of ZDNet UK reported from London. CNET News.com's Rob Lemos contributed to this report.

+ Add tag

To add tags, you need to become a member. It's FREE.

Log in or sign up now!

Cancel

WORTHWHILE?

0
0 votes

Save to My Library

Talkback

Print

E-mail

Share

Alerts

Slashdot

Digg

Facebook

Twitter

Delicious

reddit

Google

StumbleUpon

close this

Talkback 0 comments

There are currently no comments for this post.

Reply to story

Related Whitepapers

New Era of Intelligent Communications

Business Communications Applications on Any Network

Enterprise IT Modernization: A Comprehensive Solution Approach

Featured Whitepapers

Security Considerations for Cloud-Ready Data Centers

Opportunities and Challenges with the Convergence of Data Center Networks

Tech Jobs Now!

VPN,AAA & IPsec Experts //Bangalore//5+years//suchi @ roljobs.co

Software Application Security Lead eBiz Testing

Wireless Based MNC jobs for Senior Software Engineer(Security)

Network engineer / system administrator/security engineer

Software Engineer ACL, security Openings with Product Developm

Search for your ideal tech job:

News from Countries/Region

» Singapore

» Malaysia

» Thailand

» India

» Philippines

» Indonesia

» China/HK/ROC

» ASEAN

» Asia Pacific

Related News

What's Hot

Latest News

Trojan horse exploits image flaw

5 tips to create strong passwords

Microsoft investigating 'black screen of death'

Globalized domains to up phishing attacks

Mogeneration hires rickroll virus author

Microsoft: November security updates are fine

Microsoft to plug critical IE hole targeted by exploit code

Avast update falsely flags good apps as malware

Blackberrys at risk from PDF flaw

Globalized domains to up phishing attacks

5 security threats to watch in 2010

TechGuides

Hands-on programming: Extract plain text from documents with Syncfusion's components

Justin James recently tried Syncfusion's Essential DocIO and Essential PDF to help him extract text from documents he downloaded from the Internet. Here's the code he wrote to get the plain text.

Read more �

Specials

News and Interviews

Whiteboard

UOB banks on economic downturn
Singapore bank's IT chief Susan Hwee explains how financial crisis offers new opportunities to reengineer
Play video

Domino's Pizza keeps customers eating
CEO Don Meij discusses strategy to grow customer base
Play video

Amazon CTO: Cloud's advantage
Werner Vogels' discusses business benefits of cloud
Play video

Salesforce CEO chatters about new social media platform
Facebook-type app hits the enterprise
Play video

Cost Effective, Secure and HA Server Infrastructure for SMBs
Alan Wan from Dell illustrates how small and medium businesses can build a high availability IT infrastructure without requiring heavy investments on skills and resources.
Play video

Enterprise 2.0
Vince Casarez, vice president of product management at Oracle, explains how Web 2.0 technologies, such as tags, wikis, and mash-ups, can be applied within an organization.
Play video

Latest from Blog Central

Will technology divide us further?

So I finally watched 2012 over the weekend, but the film left me feeling extremely agitated.

The possibility that the world may meet its watery end in three years didn't..... by Eileen Yu

Read more �

Tags

attack

authentication and encryption

blog

data security

e - mail

hacking

internet

malware

microsoft corp.

network

network security

pc security

researcher

security

security management

software

spam and phishing

symantec corp.

viruses and worms

web

Cutting-edge technology from premium sponsors

The Roots for a
Greener World

What are
Eco-Products? »

View Featured
Eco-Products »

Brought to you by:

More Tech Showcases:

Juniper Networks
Hitachi Eco-Products

IDC's Powering the Enterprise Cloud Event 2009

12 Nov - 17 Dec 2009

Grand Copthorne Waterfront Hotel, Singapore

Cloud Computing Summit 2009

9 Dec 2009

Hong Kong Convention and Exhibition Center

4th Annual GovTech 2010

27 - 28 Jan 2010

Amara Hotel, Singapore

Overwhelmed by consolidation? Take it in steps.
Learn the 5 steps to data center consolidation - download the whitepaper now.

Choose a career with Accenture in Singapore
A dynamic job opportunity where technology and business intersect

Choose a career with Accenture in Malaysia
A dynamic job opportunity where technology and business intersect

Improving the Security & Management of Active Directory:
See a live demonstration of NetIQ DRA now

The Roots for a Greener World
Discover Hitachi's Environmental Vision 2025 and featured Eco-Products

The Desktop Virtualization Revolution is here!
Find our more with Citrix Simplicity is Power

Master in Organisational Leadership
Part-time masters program from Monash University. Find out more.

Lack of visibility into network issues and performance?
Find out today. Download SolarWinds FREE 30-Day Trial Software here.

IT Salary & Skills Report 2009
Join activeTechPros for free access to the report

More from CBS Interactive

CBS Interactive Inc Sites

About ZDNet Asia |

About CBS Interactive |

ZDNet Asia editorial calendar |

Advertise with us |

Jobs |

Partnership |

Contact Us |

CNET Direct |

CNET Asia |

CNET Asia mobile |

Sitemap

ZDNet.com |

ZDNet Japan |

ZDNet.de |

CNET UK |

CNET.de |

Tech Republic |

BNET |

MP3.com |

activeTechPros |

ZDNet UK |

ZDNet Korea |

ZDNet France |

CNET Australia |

CNET France |

Download.com |

Builder |

GameSpot

ZDNet Australia |

ZDNet Taiwan |

CNET |

CNET Taiwan |

News.com |

Silicon.com |

TV.com |

GameSpot Korea

News | Insight | Reviews | TechGuides | Jobs | Blogs | Videos | Community | Downloads | IT Library |

Get RSS feeds